Report: Your Car is the Latest Target for Hackers

By: CBS MoneyWatch
By: CBS MoneyWatch
According to a new report in Wired, thieves can use off-the-shelf hardware and software to impersonate a vehicle

Reuters Photo

Aug. 4, 2014

CBS MoneyWatch - That high-tech keyless car security system is pretty sweet -- for hackers. According to a new report in Wired, thieves can use off-the-shelf hardware and software to impersonate a vehicle's security fob and break into a car in no more than a few minutes.

This vulnerability in keyless vehicles illustrates what is practically an axiom in technology: Convenience often reduces security. And in a corollary truth, hackers are usually at least one step ahead of the technologies intended to thwart them.

Australian security researcher Silvio Cesare plans to review his findings about this new approach to keyless break-ins at this week's Black Hat Internet security conference in Las Vegas. The annual event is a place where people from law enforcement, security experts, military intelligence and even the shady side of the street come together.

People have previously found weaknesses in keyless entries. In 2012, for instance, a rash of Chicago car break-ins were linked to someone using some kind of electronic tool.

Meanwhile, Swiss researchers have found a way to get someone's key fob to broadcast an open command so it can be duplicated, potentially allowing thieves to break into and operate a car.

However, Cesare thinks that he may be the first to actually crack the encryption intended to guard they keyless systems. He built a device that would keep pressing the buttons on his own fob. After collecting thousands of samples of the codes intended to be picked up by the car, he found patters that reduced the number of possible codes to unlock a vehicle from 43 million to less than 13,000.

That's still a big number for humans, but computers can try that many sequences without getting bored, wasting time or needing a bathroom break.

According to InformationWeek, as cars increasingly feature on-vehicle wireless networks that connect with satellite services and smartphones, they become more vulnerable to remote attacks. By breaking into a car's Bluetooth network or a phone app, for instance, someone could in theory control a car's steering, braking or automated parking.

Last year, researchers showed how they could take control of many basic functions in a 2010 Toyota Prius and 2010 Ford Escape. Among new vehicles, the 2014 Jeep Cherokee, 2014 Infiniti Q50 and 2015 Escalade are the most vulnerable to attack, according to security researchers. A 2014 Audi A8 was deemed the least vulnerable model to electronic attack because the car's networked systems are separate from its physical operational systems.

The automobile industry has begun to take such threats more seriously. Last month it announced a mechanism to share security vulnerabilities.


The comments sections of Newsplex.com are designed for thoughtful, intelligent conversation and debate. We want to hear from our viewers, but we ask that you follow our rules for commenting. E-mail is required to comment on a story, but it will not be displayed with your comment. For complete rules, CLICK HERE. The Newsplex reserves the right to not post or to remove any comment.
powered by Disqus
The Charlottesville Newsplex 999 2nd Street S.E. Charlottesville, VA 22902 434.242.1919 – Main 434.220.7522 - Newsroom
Copyright © 2002-2014 - Designed by Gray Digital Media - Powered by Clickability 269862921 - newsplex.com/a?a=269862921
Gray Television, Inc.